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The MAILING DA TE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 31 October 2005 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1^9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E1 Claim(s) 1^9 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Status of the Claims 

1 . Upon further consideration, in light of the newly applied prior art of record, the previous indication of 
allowability of claims 1-6 is hereby withdrawn. No claims are allowable. 

Claim Rejections - 35 USC§101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 8-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject 
matter. The method steps of claims 1-9 are not limited to tangible embodiments, therefore non-statutory. The claims 1, 7 
and 8 may be amended to read "A computer implemented method for. . . " in order to overcome this rejection. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in 
this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-9 are rejected under 35 U.S. C. 103(a) as being unpatentable over Poletto et at (US Patent 
Application Publication No. 2002/0031134 and Poletto hereinafter) in view ofMalan et at, US Patent Application No. 
2002/0035698 Al. 

4. As to claim 1, the Poletto teaches the invention substantially as claimed. Poletto teaches a system and method for 
thwarting coordinated SYN denial of service attacks (CSDos), wherein a predetermined fraction of SYN packets destined 
for a server is switched to a processor for analysis (paragraphs 0025-0031), establishing a TCP connection between the 
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client and server, monitoring the timeout connections, wherein if the timeout connections exceeds a predetermined 
threshold, the connection is reset. 

However, the prior art of record does not explicitly teach controlling a network switch to divert a predetermined 
fraction of SYN packets destined for a server, to a web guard processor, and if after monitoring the timed-out connections 
exceeds a predetermined threshold, controlling the switch to divert all SYN packets destined to said server to said web 
guard processor. 

In the same field of endeavor, Malan teaches a method and system for protecting a network from denial of 
service attacks comprising controlling a network switch to divert a predetermined fraction of SYN packets destined for a 
server, to a web guard processor, and if after monitoring the timed-out connections exceeds a predetermined threshold, 
controlling the switch to divert all SYN packets destined to said server to said web guard processor (see Malan, paragraph 
0108-0110). 

5. As per claim(s) 2 Poletto-Malan teaches the claimed invention as described in claim(s) 1 above and furthermore 
discloses generating an alarm indicating that said server is likely to be under attack, (See Poletteo, paragraph 0055-0058). 

6. As per claim(s) 3 Poletto teaches the claimed invention as described in claim(s) 1-2 above and furthermore 
discloses determining if the number of timed-out connections between said web guard processor and said clients exceeds a 
second predetermined threshold, and if so, controlling said switch to delete (i.e., reset) all SYN packets destined for said 
server, (Poletteo, paragraph 0060-0072). 

7. As per claim(s) 4 Poletto teaches the claimed invention as described in claim(s) 1-3 above and furthermore 
discloses the step of generating an alarm indicating that said server is under attack, (See Poletteo, paragraph 0055-0058). 

8. As per claim(s) 5 Poletto teaches the claimed invention as described in claim(s) 1-4 above and furthermore 
discloses notifying said server that it is under attack, (See Poletteo, paragraph 0038). 
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9. As per claim(s) 6 Poletto teaches the claimed invention as described in claim(s) 1-5 above and furthermore 
discloses notifying other web guard processors in said network that said server is under attack, (See Poletteo, paragraph 
0037-0040). 

10. As per claim(s) 7 Poletto discloses the invention substantially as claimed. Poletto teaches arranging a switch 
receiving said SYN packets destined to said server to forward said SYN packets to a TCP proxy arranged to operate 
without an associated cache, for each SYN packet, sending a SYN/ACK packet from the TCP proxy to a sender address 
included in the SYN packet by the host, wherein, when subject to a CSDOS attack, does not successfully establish a TCP 
connection with said malicious host, and no TCP connection is made from said TCP proxy to said server, thereby 
protecting said server from said attack (See Poletto, paragraph 0053-0063). 

11. As per claim(s) 8, Poletto discloses forwarding a statistical sampling of packets from a switch in said network to 
a processor, if packets in said sampling indicate an attack, alerting the operation of said switch to reduce the effects of said 
attack, (See Paragraph 0042-0048). 

However, the prior art of record does not explicitly teach controlling a network switch to divert a predetermined 
fraction of SYN packets destined for a server, to a web guard processor, and if after monitoring the timed-out connections 
exceeds a predetermined threshold, controlling the switch to divert all SYN packets destined to said server to said web 
guard processor. 

In the same field of endeavor, Malan teaches a method and system for protecting a network from denial of 
service attacks comprising controlling a network switch to divert a predetermined fraction of SYN packets destined for a 
server, to a web guard processor, and if after monitoring the timed-out connections exceeds a predetermined threshold, 
controlling the switch to divert all SYN packets destined to said server to said web guard processor (see Malan, paragraph 
0108-0110). 

12. As per claim(s) 9 Poletto-Malan teach the claimed invention as described in claim(s) 8 above and furthermore 
discloses said switch is arranged to discard packets in the event an attack is detected, (See Poletto, Paragraph 0060-0062). 
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Response to Arguments 

13. Applicant's arguments with respect to claims 7-9 have been considered but are moot in view of the new 
ground(s) of rejection. The applicants argued in substance that the prior art of record fails to teach a SYN/ACK packet and 
further does not forward all packets destined for said server to said processor. The new grounds of rejection teaches these 
features. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to 
Paul H Kang whose telephone number is (571) 272-3882. The examiner can normally be reached on 9 hour flex. First 
Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Rupal Dharia can be 
reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 
(571)273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or 
Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




